Cybersecurity threats continue to grow in sophistication, and users of popular services like Microsoft 365 and Google face an increasingly dangerous landscape. These accounts are often targets for attackers due to their widespread use for both personal and corporate communications, file storage, and sensitive data management.
Despite built-in security features such as multi-factor authentication, attackers have developed new methods to bypass these defenses. A newly discovered threat, known as VoidProxy, is a phishing-as-a-service platform designed to hijack Microsoft and Google accounts, even those protected by third-party single sign-on solutions such as Okta.

How VoidProxy hijacks Microsoft and Google accounts
VoidProxy stands out for its advanced and scalable attack approach, making it a serious concern for enterprises and individuals alike. Discovered by Okta Threat Intelligence researchers, the platform employs adversary-in-the-middle tactics. This allows attackers to intercept credentials, multi-factor authentication codes, and session cookies in real time.
VoidProxy begins its attack by sending emails from compromised accounts. These usually belong to email marketing service providers such as Constant Contact, Active Campaign, and NotifyVisitors. These emails contain shortened links that lead recipients through multiple redirections before landing on a phishing site.
The phishing pages are hosted on disposable, low-cost domains with extensions like .icu, .sbs, .cfd, .xyz, .top, and .home. Cloudflare protects these domains, obscuring their true locations and making takedowns difficult.
Before presenting the phishing form, visitors must pass a Cloudflare CAPTCHA, which helps filter out automated bots and makes the interaction seem legitimate.
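For mail-filter or proxy owners, the delivery pattern described above can be turned into a simple triage check. This is an added example, not code from Okta or from the article; it assumes a gateway or sandbox has already recorded the redirect chain for a link, and the shortener list, the hop threshold and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# TLDs the article lists for VoidProxy phishing hosts.
SUSPECT_TLDS = {"icu", "sbs", "cfd", "xyz", "top", "home"}
# Assumption: illustrative shortener hosts, not taken from the article.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
# Assumption: more hops than this counts as "multiple redirections".
MAX_HOPS = 3


def host_of(url):
    """Lower-cased hostname without port, userinfo or trailing dot; '' if absent."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def score_chain(chain):
    """Return the reasons a redirect chain matches the described delivery pattern.

    chain is the ordered list of URLs one email link resolved through.
    """
    reasons = []
    if not chain:
        return reasons
    hosts = [host_of(u) for u in chain]
    if hosts[0] in SHORTENERS:
        reasons.append("starts at URL shortener")
    if len(chain) > MAX_HOPS:
        reasons.append("long redirect chain")
    tld = hosts[-1].rsplit(".", 1)[-1]
    if tld in SUSPECT_TLDS:
        reasons.append(f"lands on .{tld} domain")
    return reasons


if __name__ == "__main__":
    # Constructed chain: shortener, two intermediate hops, landing page.
    sample = [
        "https://bit.ly/abc123",
        "https://a.example.net/r?id=1",
        "https://b.example.org/go",
        "https://signin.example.sbs/login",
    ]
    print(score_chain(sample))
```

Any single reason is weak on its own, since legitimate marketing mail also uses shorteners; the value is in combining them before a user reaches the login form.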

Targeted credential theft
When attackers serve a page that convincingly mimics the Microsoft or Google login interface, victims often enter their credentials without suspicion.
VoidProxy forwards these inputs through its adversary-in-the-middle system directly to the legitimate Microsoft or Google servers. This proxying not only steals usernames and passwords but also intercepts two-factor authentication codes and session cookies.
For those who rely on single sign-on providers like Okta, VoidProxy has a second-stage phishing page. This page imitates the official Microsoft 365 or Google SSO flow with Okta, tricking you into submitting sensitive information.
The service’s proxy server relays traffic between the victim and the real service, while simultaneously capturing critical authentication data. Once a session cookie is issued by the legitimate service, VoidProxy duplicates it and makes it accessible to the attacker through an admin panel.

6 ways you can keep your Google or Microsoft account safe
I have listed some steps that you can take to safeguard against VoidProxy and similar threats and keep your online accounts safe.
1) Keep strong antivirus software installed
Strong antivirus software helps detect and block malware that could be used to monitor your online activity or capture keystrokes. While VoidProxy uses phishing pages and proxies traffic rather than installing malware, strong antivirus software provides a second line of defense by alerting users to suspicious downloads or infected sites.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
2) Remove personal data from the internet
Attackers often gather personal information to craft targeted phishing campaigns that appear legitimate. Removing unnecessary personal information from public sources limits what attackers can use to make their phishing attempts more convincing. Using a data removal service helps monitor and remove your personal details from the dark web and public databases, reducing your digital footprint and overall exposure to targeted attacks.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
3) Use strong, unique passwords and a password manager
Phishing attacks like VoidProxy rely on capturing your username and password. Avoid using easily guessable passwords or reusing the same password across multiple services. A password manager can generate complex, random passwords and securely store them, reducing the risk of credential compromise.
Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
4) Enable two-factor authentication (2FA)
Two-factor authentication adds an extra layer of security by requiring a second verification step, such as a code sent to your phone or generated by an authentication app. Although VoidProxy tries to steal 2FA codes in real time, using one-time password apps makes it difficult for attackers to intercept and reuse codes successfully.
5) Be cautious with email links and verify sources
VoidProxy starts by sending phishing emails from compromised marketing service accounts. You should never click on links in emails that appear suspicious or unexpected, especially those with URL shorteners or multiple redirections. Instead, navigate directly to Microsoft or Google login pages by typing the URL manually or using bookmarks. This prevents you from being funneled to malicious sites disguised as legitimate ones.
6) Regularly monitor account activity
Even with strong protections, some threats may slip through. Regularly checking your Microsoft and Google account login history and authorized applications helps detect suspicious logins or devices you do not recognize. Immediately removing unknown devices and forcing re-authentication for sensitive apps reduces the chances that an attacker maintains ongoing access using stolen session cookies.
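For administrators who can export sign-in events, the same review can be automated by looking for one session that shows up from more than one origin. This is an added example, not code from the article or from any provider; the log format, field names and events are constructed, and a real export would need mapping onto them.

```python
import json

# Constructed sample sign-in events; field names are hypothetical, not a real provider schema.
SAMPLE_LOG = """\
{"ts": "2025-09-15T10:00:00Z", "user": "alice", "session": "s-01", "ip": "198.51.100.7", "ua": "Firefox/130 Windows"}
{"ts": "2025-09-15T10:02:10Z", "user": "alice", "session": "s-01", "ip": "203.0.113.44", "ua": "Chrome/128 Linux"}
{"ts": "2025-09-15T11:30:00Z", "user": "bob", "session": "s-02", "ip": "198.51.100.9", "ua": "Safari/17 iOS"}
{"ts": "2025-09-15T12:05:00Z", "user": "bob", "session": "s-02", "ip": "198.51.100.80", "ua": "Safari/17 iOS"}
not-json
"""

REQUIRED = ("ts", "user", "session", "ip", "ua")


def find_session_reuse(log_text):
    """Flag sessions later used from an origin other than the first one seen.

    Returns (user, session, new_ip, severity) tuples in time order.
    """
    events = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if isinstance(ev, dict) and all(k in ev for k in REQUIRED):
            events.append(ev)
    events.sort(key=lambda e: e["ts"])  # ISO-8601 UTC strings sort chronologically

    first_seen, findings = {}, []
    for ev in events:
        base = first_seen.setdefault(ev["session"], ev)
        if ev["ip"] == base["ip"]:
            continue
        # New IP plus a different browser on one session is consistent with a
        # copied session cookie; a new IP alone is common on mobile networks.
        severity = "high" if ev["ua"] != base["ua"] else "low"
        findings.append((ev["user"], ev["session"], ev["ip"], severity))
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_LOG):
        print(finding)
```

A "high" finding is the cue to revoke that session and force re-authentication, as the step above recommends.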
Kurt’s key takeaway
Cybercriminals are evolving faster than many users and organizations can keep up. This phishing-as-a-service platform is not just a targeted attack tool. It is a scalable, commercial product designed to lower the barrier to cybercrime. The fact that attackers can target even single sign-on setups highlights a dangerous reality. Security layers that were once considered robust are now vulnerable without additional, proactive measures.
Do you believe enough is being done by service providers like Microsoft, Google, and Okta to prevent these kinds of sophisticated attacks? Let us know in the comments below.
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
